Overview

overview

9

Static

static

9

Awesomium.dll

windows11-21h2-x64

3

AwesomiumProcess.exe

windows11-21h2-x64

1

Core.dll

windows11-21h2-x64

1

D3DDrv.dll

windows11-21h2-x64

1

D3DX9_40.dll

windows11-21h2-x64

3

DSETUP.dll

windows11-21h2-x64

7

Engine.dll

windows11-21h2-x64

1

Fire.dll

windows11-21h2-x64

1

L2.exe

windows11-21h2-x64

7

clmods.dll

windows11-21h2-x64

5

en-US.dll

windows11-21h2-x64

1

l2.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    438s
  • max time network
    450s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06-02-2024 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    L2.exe

  • Size

    3.4MB

  • MD5

    e0bdf54f93233062a9b59665b964d119

  • SHA1

    cfc0f129fec7449b5bcf1f653496c0e010fc8c8f

  • SHA256

    eb94a2b0be8318b5407fe971bfe553e554bb5e0245b3d0abc5cfc508e4c69175

  • SHA512

    df3e2a772f1382222c448898c5ec6345dc3498469a786f32aacc4993727418f0e3c4522c9607ed36e60877a0a214cf0ea6c78469aa907a5ec4d8200fe71fe705

  • SSDEEP

    49152:AoRTzBsn2W5xrFrH7RCVTnfgNTV+woIGBD:zRfBvW5xJrH7RCRnfgNJVkBD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\L2.exe
    "C:\Users\Admin\AppData\Local\Temp\L2.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2080
  • C:\Users\Admin\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe
    C:\Users\Admin\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe
    1⤵
    • Executes dropped EXE
    PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe
    Filesize

    221KB

    MD5

    e8fda4356557802fef6a25f431aa7094

    SHA1

    344d6bb8229feb675986d678b608e767700c2f8c

    SHA256

    a6386f798834b6dbf90ff99a77443a5be1fe7b723e24259266c34849dc55ffad

    SHA512

    9f4d57c4fc4bf975dcde46f612b615d41dad068970eb33218f394e4122af3acddf6068d6f8069cfab478ad934daaffa8234dbbae757aba3b90bd67f74593ccfb

    Download Submit
  • memory/2080-12-0x0000000005300000-0x0000000005301000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-29-0x0000000000400000-0x00000000032B5000-memory.dmp
    Filesize

    46.7MB

    Download
  • memory/2080-11-0x00000000052F0000-0x00000000052F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-5-0x0000000005290000-0x0000000005291000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-4-0x0000000005280000-0x0000000005281000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-7-0x00000000052B0000-0x00000000052B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-8-0x00000000052C0000-0x00000000052C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-6-0x00000000052A0000-0x00000000052A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-9-0x00000000052D0000-0x00000000052D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-13-0x0000000005310000-0x0000000005311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-3-0x0000000005270000-0x0000000005271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-2-0x0000000005260000-0x0000000005261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-10-0x00000000052E0000-0x00000000052E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-15-0x0000000005330000-0x0000000005331000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-14-0x0000000005320000-0x0000000005321000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-16-0x0000000005350000-0x0000000005351000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-17-0x0000000005360000-0x0000000005361000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-18-0x0000000005370000-0x0000000005371000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-19-0x0000000005380000-0x0000000005381000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-20-0x0000000000400000-0x00000000032B5000-memory.dmp
    Filesize

    46.7MB

    Download
  • memory/2080-21-0x0000000000400000-0x00000000032B5000-memory.dmp
    Filesize

    46.7MB

    Download
  • memory/2080-1-0x0000000003430000-0x0000000003431000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-0-0x0000000003410000-0x0000000003411000-memory.dmp
    Filesize

    4KB

    Download